Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
14 vulnerabilities found for maximum_security_2022 by trendmicro
CVE-2025-52521 (GCVE-0-2025-52521)
Vulnerability from nvd – Published: 2025-07-10 18:57 – Updated: 2026-02-26 17:50
VLAI?
Summary
Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.
Severity ?
7.8 (High)
CWE
- CWE-64 - Windows Shortcut Following (.LNK)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Security (Consumer) |
Affected:
17.8 , < 17.8.1476
(semver)
cpe:2.3:a:trendmicro:maximum_security_2023:17.8:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52521",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-11T03:55:31.697100Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:50:46.982Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:maximum_security_2023:17.8:*:*:*:*:*:*:*"
],
"product": "Trend Micro Security (Consumer)",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "17.8.1476",
"status": "affected",
"version": "17.8",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-64",
"description": "CWE-64: Windows Shortcut Following (.LNK)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T18:57:25.462Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-18876"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-585/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2025-52521",
"datePublished": "2025-07-10T18:57:25.462Z",
"dateReserved": "2025-06-17T14:02:46.484Z",
"dateUpdated": "2026-02-26T17:50:46.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-49385 (GCVE-0-2025-49385)
Vulnerability from nvd – Published: 2025-06-17 20:40 – Updated: 2025-06-18 15:37
VLAI?
Summary
Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.
Severity ?
7.8 (High)
CWE
- CWE-64 - Windows Shortcut Following
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Internet Security (Consumer) |
Affected:
17.8 , < 17.8.1464
(semver)
cpe:2.3:a:trendmicro:maximum_security_2022:17.8:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49385",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-18T15:35:52.569145Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T15:37:33.230Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:maximum_security_2022:17.8:*:*:*:*:*:*:*"
],
"product": "Trend Micro Internet Security (Consumer)",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "17.8.1464",
"status": "affected",
"version": "17.8",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-64",
"description": "CWE-64: Windows Shortcut Following",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T20:40:29.929Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-18461"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-380/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2025-49385",
"datePublished": "2025-06-17T20:40:29.929Z",
"dateReserved": "2025-06-04T14:20:26.486Z",
"dateUpdated": "2025-06-18T15:37:33.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49384 (GCVE-0-2025-49384)
Vulnerability from nvd – Published: 2025-06-17 20:40 – Updated: 2025-06-18 15:42
VLAI?
Summary
Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.
Severity ?
7.8 (High)
CWE
- CWE-64 - Windows Shortcut Following
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Internet Security (Consumer) |
Affected:
17.8 , < 17.8.1464
(semver)
cpe:2.3:a:trendmicro:maximum_security_2022:17.8:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49384",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-18T15:41:51.498164Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T15:42:37.957Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:maximum_security_2022:17.8:*:*:*:*:*:*:*"
],
"product": "Trend Micro Internet Security (Consumer)",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "17.8.1464",
"status": "affected",
"version": "17.8",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-64",
"description": "CWE-64: Windows Shortcut Following",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T20:40:21.350Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-11112"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2025-49384",
"datePublished": "2025-06-17T20:40:21.350Z",
"dateReserved": "2025-06-04T14:20:26.485Z",
"dateUpdated": "2025-06-18T15:42:37.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32849 (GCVE-0-2024-32849)
Vulnerability from nvd – Published: 2024-06-10 21:17 – Updated: 2024-08-02 02:20
VLAI?
Summary
Trend Micro Security 17.x (Consumer) is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.
Severity ?
7.8 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Maximum Security (Consumer) |
Affected:
17 , < 17.7
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:maximum_security:17.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "maximum_security",
"vendor": "trendmicro",
"versions": [
{
"lessThan": "17.7",
"status": "affected",
"version": "17.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32849",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T14:39:10.985990Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T14:43:45.558Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:20:35.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-19175"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-576/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Maximum Security (Consumer)",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "17.7",
"status": "affected",
"version": "17",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Security 17.x (Consumer) is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T21:17:50.957Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-19175"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-576/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2024-32849",
"datePublished": "2024-06-10T21:17:50.957Z",
"dateReserved": "2024-04-19T01:47:56.850Z",
"dateUpdated": "2024-08-02T02:20:35.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28929 (GCVE-0-2023-28929)
Vulnerability from nvd – Published: 2023-06-26 21:52 – Updated: 2024-12-05 15:46
VLAI?
Summary
Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Security (Consumer) |
Affected:
2023 , < 17.7.1634
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:38.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-19062"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trend_micro_inc:trend_micro_security:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "trend_micro_security",
"vendor": "trend_micro_inc",
"versions": [
{
"lessThan": "17.7.1634",
"status": "affected",
"version": "2023",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28929",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-05T15:42:15.626436Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T15:46:07.827Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Security (Consumer)",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "17.7.1634",
"status": "affected",
"version": "2023",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started."
}
],
"providerMetadata": {
"dateUpdated": "2023-06-26T21:52:22.423Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-19062"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2023-28929",
"datePublished": "2023-06-26T21:52:22.423Z",
"dateReserved": "2023-03-27T22:16:25.202Z",
"dateUpdated": "2024-12-05T15:46:07.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48191 (GCVE-0-2022-48191)
Vulnerability from nvd – Published: 2023-01-18 23:07 – Updated: 2025-04-03 19:53
VLAI?
Summary
A vulnerability exists in Trend Micro Maximum Security 2022 (17.7) wherein a low-privileged user can write a known malicious executable to a specific location and in the process of removal and restoral an attacker could replace an original folder with a mount point to an arbitrary location, allowing a escalation of privileges on an affected system.
Severity ?
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Maxium Security (Consumer) |
Affected:
2022 (17.7) , < 17.7
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:10:59.793Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-11252"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-053/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-48191",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T15:54:58.572219Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T19:53:47.060Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Maxium Security (Consumer)",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "17.7",
"status": "affected",
"version": "2022 (17.7)",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in Trend Micro Maximum Security 2022 (17.7) wherein a low-privileged user can write a known malicious executable to a specific location and in the process of removal and restoral an attacker could replace an original folder with a mount point to an arbitrary location, allowing a escalation of privileges on an affected system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-20T05:13:20.976Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-11252"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-053/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2022-48191",
"datePublished": "2023-01-18T23:07:41.149Z",
"dateReserved": "2022-12-30T02:27:10.986Z",
"dateUpdated": "2025-04-03T19:53:47.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30687 (GCVE-0-2022-30687)
Vulnerability from nvd – Published: 2022-05-26 23:25 – Updated: 2024-08-03 06:56
VLAI?
Summary
Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product's secure erase feature to delete arbitrary files.
Severity ?
No CVSS data available.
CWE
- Link Following Arbitrary File Deletion
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Maximum Security |
Affected:
2022 (17.7)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-11017"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-789/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Maximum Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2022 (17.7)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product\u0027s secure erase feature to delete arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Link Following Arbitrary File Deletion",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-02T16:10:32.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-11017"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-789/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2022-30687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Maximum Security",
"version": {
"version_data": [
{
"version_value": "2022 (17.7)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product\u0027s secure erase feature to delete arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Link Following Arbitrary File Deletion"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpcenter.trendmicro.com/en-us/article/tmka-11017",
"refsource": "MISC",
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-11017"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-789/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-789/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2022-30687",
"datePublished": "2022-05-26T23:25:28.000Z",
"dateReserved": "2022-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:56:13.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-52521 (GCVE-0-2025-52521)
Vulnerability from cvelistv5 – Published: 2025-07-10 18:57 – Updated: 2026-02-26 17:50
VLAI?
Summary
Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.
Severity ?
7.8 (High)
CWE
- CWE-64 - Windows Shortcut Following (.LNK)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Security (Consumer) |
Affected:
17.8 , < 17.8.1476
(semver)
cpe:2.3:a:trendmicro:maximum_security_2023:17.8:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52521",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-11T03:55:31.697100Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:50:46.982Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:maximum_security_2023:17.8:*:*:*:*:*:*:*"
],
"product": "Trend Micro Security (Consumer)",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "17.8.1476",
"status": "affected",
"version": "17.8",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-64",
"description": "CWE-64: Windows Shortcut Following (.LNK)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T18:57:25.462Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-18876"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-585/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2025-52521",
"datePublished": "2025-07-10T18:57:25.462Z",
"dateReserved": "2025-06-17T14:02:46.484Z",
"dateUpdated": "2026-02-26T17:50:46.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-49385 (GCVE-0-2025-49385)
Vulnerability from cvelistv5 – Published: 2025-06-17 20:40 – Updated: 2025-06-18 15:37
VLAI?
Summary
Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.
Severity ?
7.8 (High)
CWE
- CWE-64 - Windows Shortcut Following
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Internet Security (Consumer) |
Affected:
17.8 , < 17.8.1464
(semver)
cpe:2.3:a:trendmicro:maximum_security_2022:17.8:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49385",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-18T15:35:52.569145Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T15:37:33.230Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:maximum_security_2022:17.8:*:*:*:*:*:*:*"
],
"product": "Trend Micro Internet Security (Consumer)",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "17.8.1464",
"status": "affected",
"version": "17.8",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-64",
"description": "CWE-64: Windows Shortcut Following",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T20:40:29.929Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-18461"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-380/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2025-49385",
"datePublished": "2025-06-17T20:40:29.929Z",
"dateReserved": "2025-06-04T14:20:26.486Z",
"dateUpdated": "2025-06-18T15:37:33.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49384 (GCVE-0-2025-49384)
Vulnerability from cvelistv5 – Published: 2025-06-17 20:40 – Updated: 2025-06-18 15:42
VLAI?
Summary
Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.
Severity ?
7.8 (High)
CWE
- CWE-64 - Windows Shortcut Following
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Internet Security (Consumer) |
Affected:
17.8 , < 17.8.1464
(semver)
cpe:2.3:a:trendmicro:maximum_security_2022:17.8:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49384",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-18T15:41:51.498164Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T15:42:37.957Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:maximum_security_2022:17.8:*:*:*:*:*:*:*"
],
"product": "Trend Micro Internet Security (Consumer)",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "17.8.1464",
"status": "affected",
"version": "17.8",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-64",
"description": "CWE-64: Windows Shortcut Following",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T20:40:21.350Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-11112"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2025-49384",
"datePublished": "2025-06-17T20:40:21.350Z",
"dateReserved": "2025-06-04T14:20:26.485Z",
"dateUpdated": "2025-06-18T15:42:37.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32849 (GCVE-0-2024-32849)
Vulnerability from cvelistv5 – Published: 2024-06-10 21:17 – Updated: 2024-08-02 02:20
VLAI?
Summary
Trend Micro Security 17.x (Consumer) is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.
Severity ?
7.8 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Maximum Security (Consumer) |
Affected:
17 , < 17.7
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:maximum_security:17.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "maximum_security",
"vendor": "trendmicro",
"versions": [
{
"lessThan": "17.7",
"status": "affected",
"version": "17.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32849",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T14:39:10.985990Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T14:43:45.558Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:20:35.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-19175"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-576/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Maximum Security (Consumer)",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "17.7",
"status": "affected",
"version": "17",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Security 17.x (Consumer) is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T21:17:50.957Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-19175"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-576/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2024-32849",
"datePublished": "2024-06-10T21:17:50.957Z",
"dateReserved": "2024-04-19T01:47:56.850Z",
"dateUpdated": "2024-08-02T02:20:35.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28929 (GCVE-0-2023-28929)
Vulnerability from cvelistv5 – Published: 2023-06-26 21:52 – Updated: 2024-12-05 15:46
VLAI?
Summary
Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Security (Consumer) |
Affected:
2023 , < 17.7.1634
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:38.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-19062"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trend_micro_inc:trend_micro_security:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "trend_micro_security",
"vendor": "trend_micro_inc",
"versions": [
{
"lessThan": "17.7.1634",
"status": "affected",
"version": "2023",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28929",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-05T15:42:15.626436Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T15:46:07.827Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Security (Consumer)",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "17.7.1634",
"status": "affected",
"version": "2023",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started."
}
],
"providerMetadata": {
"dateUpdated": "2023-06-26T21:52:22.423Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-19062"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2023-28929",
"datePublished": "2023-06-26T21:52:22.423Z",
"dateReserved": "2023-03-27T22:16:25.202Z",
"dateUpdated": "2024-12-05T15:46:07.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48191 (GCVE-0-2022-48191)
Vulnerability from cvelistv5 – Published: 2023-01-18 23:07 – Updated: 2025-04-03 19:53
VLAI?
Summary
A vulnerability exists in Trend Micro Maximum Security 2022 (17.7) wherein a low-privileged user can write a known malicious executable to a specific location and in the process of removal and restoral an attacker could replace an original folder with a mount point to an arbitrary location, allowing a escalation of privileges on an affected system.
Severity ?
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Maxium Security (Consumer) |
Affected:
2022 (17.7) , < 17.7
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:10:59.793Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-11252"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-053/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-48191",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T15:54:58.572219Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T19:53:47.060Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Maxium Security (Consumer)",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "17.7",
"status": "affected",
"version": "2022 (17.7)",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in Trend Micro Maximum Security 2022 (17.7) wherein a low-privileged user can write a known malicious executable to a specific location and in the process of removal and restoral an attacker could replace an original folder with a mount point to an arbitrary location, allowing a escalation of privileges on an affected system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-20T05:13:20.976Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-11252"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-053/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2022-48191",
"datePublished": "2023-01-18T23:07:41.149Z",
"dateReserved": "2022-12-30T02:27:10.986Z",
"dateUpdated": "2025-04-03T19:53:47.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30687 (GCVE-0-2022-30687)
Vulnerability from cvelistv5 – Published: 2022-05-26 23:25 – Updated: 2024-08-03 06:56
VLAI?
Summary
Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product's secure erase feature to delete arbitrary files.
Severity ?
No CVSS data available.
CWE
- Link Following Arbitrary File Deletion
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Maximum Security |
Affected:
2022 (17.7)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-11017"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-789/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Maximum Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2022 (17.7)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product\u0027s secure erase feature to delete arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Link Following Arbitrary File Deletion",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-02T16:10:32.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-11017"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-789/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2022-30687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Maximum Security",
"version": {
"version_data": [
{
"version_value": "2022 (17.7)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product\u0027s secure erase feature to delete arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Link Following Arbitrary File Deletion"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpcenter.trendmicro.com/en-us/article/tmka-11017",
"refsource": "MISC",
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-11017"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-789/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-789/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2022-30687",
"datePublished": "2022-05-26T23:25:28.000Z",
"dateReserved": "2022-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:56:13.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}